The range and cost of global malicious cyber activities (cyber attacks) are growing.
The cost is forecast to reach USD 2 000 billion by 2019, a threefold increase from the 2015 estimate of USD 500 billion. In addition to financial losses, concern is growing regarding attacks on critical infrastructure sectors. Safeguarding various parts of critical infrastructure from cyber attacks is becoming a priority for most countries. Energy installations are central to the entire critical infrastructure: without electricity there’s no transport system, no fresh water supply or waste water treatment, healthcare facilities, factories can no longer function.
As a result energy installations have become prime targets for cyber attacks in recent years some, arguably, to find out about possible vulnerabilities that can be exploited with a crippling effect
at a later date. Power grids have been taken down, dams and nuclear power plants have been targeted.
Protecting critical infrastructure, energy systems in particular, requires following a broad range of standards, such as the IEC/ISO 27000 family of International Standards on information security management, and industry-specific Standards prepared by a number of standards developing organizations, including the International Electrotechnical Commission (IEC – www.iec.ch).
The IEC has issued 235 IT security-related publications, i.e. International Standards, Technical Requirements (TR), Technical Specifications (TS); some 160 have been developed by several Subcommittees of ISO/IEC JTC 1: Information technology, including the IEC/ISO 27000 family.